aboutsummaryrefslogtreecommitdiffstats
path: root/security/Kconfig
diff options
context:
space:
mode:
authorJames Morris <jmorris@namei.org>2009-02-05 19:01:45 -0500
committerJames Morris <jmorris@namei.org>2009-02-05 19:01:45 -0500
commitcb5629b10d64a8006622ce3a52bc887d91057d69 (patch)
tree7c06d8f30783115e3384721046258ce615b129c5 /security/Kconfig
parent8920d5ad6ba74ae8ab020e90cc4d976980e68701 (diff)
parentf01d1d546abb2f4028b5299092f529eefb01253a (diff)
Merge branch 'master' into next
Conflicts: fs/namei.c Manually merged per: diff --cc fs/namei.c index 734f2b5,bbc15c2..0000000 --- a/fs/namei.c +++ b/fs/namei.c @@@ -860,9 -848,8 +849,10 @@@ static int __link_path_walk(const char nd->flags |= LOOKUP_CONTINUE; err = exec_permission_lite(inode); if (err == -EAGAIN) - err = vfs_permission(nd, MAY_EXEC); + err = inode_permission(nd->path.dentry->d_inode, + MAY_EXEC); + if (!err) + err = ima_path_check(&nd->path, MAY_EXEC); if (err) break; @@@ -1525,14 -1506,9 +1509,14 @@@ int may_open(struct path *path, int acc flag &= ~O_TRUNC; } - error = vfs_permission(nd, acc_mode); + error = inode_permission(inode, acc_mode); if (error) return error; + - error = ima_path_check(&nd->path, ++ error = ima_path_check(path, + acc_mode & (MAY_READ | MAY_WRITE | MAY_EXEC)); + if (error) + return error; /* * An append-only file must be opened in append mode for writing. */ Signed-off-by: James Morris <jmorris@namei.org>
Diffstat (limited to 'security/Kconfig')
-rw-r--r--security/Kconfig9
1 files changed, 9 insertions, 0 deletions
diff --git a/security/Kconfig b/security/Kconfig
index a79b23f73d0..bf129f87de7 100644
--- a/security/Kconfig
+++ b/security/Kconfig
@@ -82,6 +82,15 @@ config SECURITY_NETWORK_XFRM
82 IPSec. 82 IPSec.
83 If you are unsure how to answer this question, answer N. 83 If you are unsure how to answer this question, answer N.
84 84
85config SECURITY_PATH
86 bool "Security hooks for pathname based access control"
87 depends on SECURITY
88 help
89 This enables the security hooks for pathname based access control.
90 If enabled, a security module can use these hooks to
91 implement pathname based access controls.
92 If you are unsure how to answer this question, answer N.
93
85config SECURITY_FILE_CAPABILITIES 94config SECURITY_FILE_CAPABILITIES
86 bool "File POSIX Capabilities" 95 bool "File POSIX Capabilities"
87 default n 96 default n